From 101550383386f465e689aa846826b58aa72cf793 Mon Sep 17 00:00:00 2001
From: Scott Murray
Date: Mon, 24 Apr 2023 15:49:32 -0400
Subject: [PATCH] kuksa_viss_client: Add external certificates support

Tweak the definition of __certificate_dir__ in the kuksa_certificates package, and certificate location logic in the client library to allow picking up alternative certificates from /etc/kuksa-certificates or /etc/kuksa-val before falling back to the shipped defaults. The intent is to allow packagers to more straighhtforwardly use their own certificates with both the server and clients.

Upstream-Status: pending
Signed-off-by: Scott Murray
---
 kuksa_certificates/__init__.py | 7 ++++++-
 kuksa_viss_client/KuksaGrpcComm.py | 10 +++++-----
 kuksa_viss_client/KuksaWsComm.py | 10 +++++-----
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/kuksa_certificates/__init__.py b/kuksa_certificates/__init__.py
index 5f05b75..ac60bc3 100644
--- a/kuksa_certificates/__init__.py
+++ b/kuksa_certificates/__init__.py
@@ -2,4 +2,9 @@ import os
 from kuksa_viss_client._metadata import *
-__certificate_dir__= os.path.dirname(os.path.realpath(__file__))
+if os.path.isdir("/etc/kuksa-certificates"):
+ __certificate_dir__= "/etc/kuksa-certificates"
+elif os.path.isdir("/etc/kuksa-val"):
+ __certificate_dir__= "/etc/kuksa-val"
+else:
+ __certificate_dir__= os.path.dirname(os.path.realpath(__file__))
diff --git a/kuksa_viss_client/KuksaGrpcComm.py b/kuksa_viss_client/KuksaGrpcComm.py
index 1f55754..e425e7e 100644
--- a/kuksa_viss_client/KuksaGrpcComm.py
+++ b/kuksa_viss_client/KuksaGrpcComm.py
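Review bot: The new `os.path.isdir()` tests in kuksa_certificates/__init__.py only show that a directory exists, not that it holds the CA certificate, client certificate, key and token that the clients will look for under it. An `/etc/kuksa-val` that exists for some other reason therefore redirects every default path to files that may not be there, while a missing or misspelt override directory silently falls back to the certificates shipped with the package, which a packager who meant to replace them would not notice. Consider selecting a directory only when it contains the expected CA file, and documenting the search order in a comment, as sketched below. The choice is made once at import time, so the ownership and permissions of these directories are what protect the trust anchor and the private key.

```python
# Certificate search order: the first system directory that actually contains
# a CA certificate, otherwise the files shipped inside this package.
__certificate_dir__ = os.path.dirname(os.path.realpath(__file__))
for _candidate in ("/etc/kuksa-certificates", "/etc/kuksa-val"):
    if os.path.isfile(os.path.join(_candidate, "CA.pem")):
        __certificate_dir__ = _candidate
        break
```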
@@ -28,22 +28,22 @@ import uuid, time, threading
 from . import kuksa_pb2
 from . import kuksa_pb2_grpc
+from kuksa_certificates import __certificate_dir__
 class KuksaGrpcComm:
 # Constructor
 def __init__(self, config):
- scriptDir= os.path.dirname(os.path.realpath(__file__))
 self.serverIP = config.get('ip', "127.0.0.1")
 self.serverPort = config.get('port', 8090)
 try:
 self.insecure = config.getboolean('insecure', False)
 except AttributeError:
 self.insecure = config.get('insecure', False)
- self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
- self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
- self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
- self.tokenfile = config.get('token', os.path.join(scriptDir, "../kuksa_certificates/jwt/all-read-write.json.token"))
+ self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
+ self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
+ self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
+ self.tokenfile = config.get('token', os.path.join(__certificate_dir__, "jwt/all-read-write.json.token"))
 self.grpcConnected = False
 self.subscriptionCallbacks = {}
diff --git a/kuksa_viss_client/KuksaWsComm.py b/kuksa_viss_client/KuksaWsComm.py
index b0d4cc1..b85b573 100644
--- a/kuksa_viss_client/KuksaWsComm.py
+++ b/kuksa_viss_client/KuksaWsComm.py
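Review bot: The default for `self.tokenfile` now resolves to `jwt/all-read-write.json.token` under whichever directory `__certificate_dir__` selected, so a packager who installs their own certificates in `/etc/kuksa-certificates` must also place a token with that exact name there, or every client without an explicit `token` setting will fail to find one. That nudges deployments towards a system-wide token which, judging by its name, grants full read and write access, and towards a `Client.key` readable by every account that runs the client (the same key default is added in KuksaWsComm.py). A comment above these defaults would help, for example `# Defaults assume __certificate_dir__ mirrors the packaged layout (CA.pem, Client.pem, Client.key, jwt/); set 'token' and 'key' explicitly to use narrower credentials`. The constructor continues past the end of the hunk.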
@@ -20,22 +20,22 @@ import json, queue, time, uuid, os, ssl
 import asyncio, websockets
+from kuksa_certificates import __certificate_dir__
 class KuksaWsComm:
 # Constructor
 def __init__(self, config):
- scriptDir= os.path.dirname(os.path.realpath(__file__))
 self.serverIP = config.get('ip', "127.0.0.1")
 self.serverPort = config.get('port', 8090)
 try:
 self.insecure = config.getboolean('insecure', False)
 except AttributeError:
 self.insecure = config.get('insecure', False)
- self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
- self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
- self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
+ self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
+ self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
+ self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
 self.wsConnected = False
 self.subscriptionCallbacks = {}
@@ -254,4 +254,4 @@ class KuksaWsComm:
 await self._msgHandler(ws)
 except OSError as e:
 print("Disconnected!! " + str(e))
- pass
\ No newline at end of file
+ pass
-- 
2.39.2
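Review bot: The added `from kuksa_certificates import __certificate_dir__` (the same line is added in KuksaGrpcComm.py) creates an import cycle, because kuksa_certificates/__init__.py runs `from kuksa_viss_client._metadata import *` before it assigns `__certificate_dir__`. If kuksa_viss_client/__init__.py imports this module while it initialises, which is not visible in this patch, then importing kuksa_certificates first would raise ImportError on the partially initialised package. Moving the `_metadata` import below the `__certificate_dir__` assignment in kuksa_certificates/__init__.py would make the result independent of import order.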